We have an ePO Admin and will have an Encryption Admin. We are only encrypting LAPTOP PCs which are already filed in a quite sophisticated tree structure with all Antivirus policies assigned and functioning well.
To avoid re-creating a structure for just encrypted laptops and duplicating the ePO policies, in theory, the Encryption Admin will receive a new laptop and encrypt the drive, then we would like to place it in a NULL staging folder where it can sit for the ePO admin to pick up (kind of like a lost and found). Then the ePO admin can apply the same EEPC policies to the device once it reaches its final resting area.
We really prefer to keep the roles and responsibilities of the ePO Admin seperate from the Encryption Admin. We are looking for best practices on how to do this most effectively.
Does anyone have any thoughts or ideas on this? I am the proposed Encryption Admin and we just purchased the product, so I am a bit new. Any thoughts or ideas are appreciated. I am quandering over creating a NEW ePO group (my preference) for just encrypted laptops but I will have to recognize and migrate all ePO AV policies to each device/group. Second thought is to do as I am asking for tip on - I encrypt them and assign appropriate EEPC policies, then put them in a staging area once they are done and hand them over to the ePO Admin for filing... but my policies will have to follow.